CVE-2022-2273

Summary

The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request.

Affected Software

VendorProductVersion RangeStatus
UnknownSimple Membership4.1.3 < 4.1.3affected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

ADP Enrichment

CVE Program Container

Additional References

References